Validate LUKS2 in-before moving keyslots on conversion.

During LUKS2 upconversion we moved binary keyslots area before validating future LUKS2 header. If later LUKS2 validation failed for some reason keyslots were already moved to new offsets and LUKS1 offsets were therefore invalid. Following effort to unlock such device failed because keyslots were efectively corrupted. See issue #534.
2025-12-05 16:00:05 +01:00 · 2020-02-14 12:52:56 +01:00
parent 3e7dedaf99
commit d4f4dfb54f
1 changed files with 5 additions and 0 deletions
--- a/lib/luks2/luks2_luks1_convert.c
+++ b/lib/luks2/luks2_luks1_convert.c
@@ -577,6 +577,11 @@ int LUKS2_luks1_to_luks2(struct crypt_device *cd, struct luks_phdr *hdr1, struct
 		goto out;
 	}

+	/* check future LUKS2 metadata before moving keyslots area */
+	r = LUKS2_hdr_validate(cd, hdr2->jobj, hdr2->hdr_size - LUKS2_HDR_BIN_LEN);
+	if (r)
+		goto out;
+
 	if ((r = luks_header_in_use(cd))) {
 		if (r > 0)
 			r = -EBUSY;